search

malquery

CrowdStrike FalconPy CrowdStrike FalconPy CrowdStrike Subredditarrow-up-right

hashtag
MalQuery examples

The examples in this folder focus on leveraging CrowdStrike's MalQuery API to perform threat hunting operations.

hashtag
Search and Download samples from MalQuery

Downloads a specified number of examples from MalQuery that match the search term and type you specify. Results will be stored in zip archive format with the password of infected.

[!WARNING] Samples downloaded from MalQuery have been confirmed as malware. Handle with extreme caution.

hashtag
Running the program

In order to run this demonstration, you will need access to CrowdStrike API keys with the following scopes:

Service Collection
Scope

MalQuery

READ, WRITE

hashtag
Execution syntax

This example accepts the following input parameters.

Parameter
Purpose

-t, --type

Type of pattern for the query. Select from ASCII, HEX, or WIDE. Defaults to ASCII.

-v, --value

The value for malquery to search.

-f, --file

Filename to save the downloaded samples to. File will be in zip format.

-e, --examples

Number of examples to download. Integer only.

-k, --key

Your CrowdStrike Falcon API Client ID

-s, --secret

Your CrowdStrike Falcon API Client Secret

Downloads 3 trickbot samples from MalQuery

Command-line help

Command-line help is available using the -h or --help parameters.

hashtag
Example source code

The source code for this example can be found herearrow-up-right.

PreviousiocNextml_exclusions

Last updated

Was this helpful?